The present invention pertains to data encryption algorithms, as for example, the Data Encryption Standard (DES), as described in Federal Information Processing Standards Publications FIPS 46-1, "Data Encryption Standard", and FIPS 81, "DES Modes of Operation", both published by the United States Department of Commerce. The latter describes four different techniques approved for employing the Data Encryption Standard; each of these techniques operates in both an Encrypt and a Decrypt mode for performing the desired encryption and corresponding decryption functions. These techniques are the electronic code book mode, the cipher block chaining mode, and the cipher and output feedback modes. These ciphering methods operate in either a block mode or a stream mode. A brief summary of these techniques follows.
The electronic code book mode is one in which 64 bit blocks of input data are successively and independently processed, such that an error in one bit of a given block of encrypted data, due, for example, to corruption in data transmission and reception, results in error rates approximating fifty percent in decrypting the particular data block affected by the error and does not affect the error rate in decrypting other encrypted data blocks.
The cipher block chaining mode is one in which the first input data block is exclusive-ORed with an initialization vector, also known as a traffic key or as a traffic variable, and the resultant data block is input to a DES-compliant ciphering device. The output data are transmitted as the first block of cipher-text and are also exclusive-ORed with the second input data block. The result of the exclusive-OR operation is input to a DES-compliant ciphering device. The encrypted output data are then transmitted as the second output data block and additionally are exclusive-ORed with the third input data block. This chaining procedure continues throughout the enciphering process and a similar procedure applies for deciphering the resultant cipher-text. A single error in one bit of a given block of encrypted data in the cipher block chaining mode results in corruption of the data block containing the single bit error and succeeding blocks as well. Another disadvantage to this method is that blocks containing less than 64 bits require special handling.
In the cipher feedback mode, an integral number K of cipher-text output bits are placed to one side of the DES-compliant ciphering device input data buffer. K bits of input data are exclusive-ORed with the DES-compliant ciphering device output data block to produce cipher-text. An inverse arrangement at the receiver decrypts the cipher-text blocks to recover a decrypted plain-text message. Both the encryption and decryption operations utilize the data encryption algorithm in the encrypt mode, however, the decrypt mode can be employed as an alternative. In the cipher feedback mode of operation, a single bit error in the cipher-text results in corruption of that data block in exactly the same place where the error occurred and the succeeding data block will have a fifty percent probability of error for any given bit.
Block data ciphering techniques have inherent advantages over stream modes in that the block boundaries permit re-synchronization in the event that a bit is added to or subtracted from the data during transmission and reception. This re-synchronization property is known as "self-synchronization". Ciphering techniques which rely on stream encryption/decryption modes cannot self-synchronize and so require re-initialization communication when synchronization is lost. This causes block data ciphering techniques to be greatly preferred for practical system applications, in spite of substantially greater data corruption occurring for each bit which is in error than is the case for some stream ciphering techniques.
A limitation of weakness of the above described prior art arrangement is that single bit errors in transmission or reception of the encrypted data stream cause multiple bit errors in the decrypted data stream. This property of error extension makes it very difficult to use systems such as DES which exhibit error extension in noisy environments.
What is needed is a block mode method for data encryption, transmission, reception and decryption which includes the integrity of the Federal Data Encryption Standard, and yet which provides minimal errors in the decrypted text for each error occurring in transmission and/or reception of the encrypted data stream, i.e., little or no error extension.